[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-key-sharing


At 11:42 AM 11/17/97 -0700, Bob Jueneman wrote:
>>I suspect that the scarcity of key pairs comes back to an assumption in
>>parts that one needs a purchased identity certificate in order to use a key
>>pair.  This assumption comes from the business model of a CA, not from
>> - Carl
>No, thats a conclusion, rather than an assumption.
>The assumption is that in order to be able to trust a key pair nominally
>associated with someone you have never met and don't know anything about,
>that is it necessary to have some trusted third party play some kind of an
>intermediary role in vouching for the individual who allegedly holds the
>private key.

This assumption is valid as stated but you use it to lead to invalid 
conclusions, so we need to examine your logic.

If you intend to honor a key, you need to have the necessary authorization 
pass from you to that key (back to you) through an unbroken loop.  This 
means, that unless you issue the empowering certificate yourself, there must 
be some other agent in the path between you and the key to which you have 
delegated the authority to pass along this kind of authorization.  This is 
the intermediate party you call for -- and it's there only to spread out the 

In other words, if you have any security policy at all, you won't deal with 
keyholders you know nothing about.  You need to know something about the 
keyholder relevant to your business.  E.g., "is this keyholder allowed to 
use this credit card?"

>The trusted third party may or may not testify to the creditworthiness of
>that individual -- they may only confirm his identity, AKA his globally
>unambiguous name (sorry, Carl). but in order for this identification to have
>some viability in the commercial world, there has to be the possibility of
>financial recourse in the event the CA screws up.

You're assuming that a global name implies the ability to track down someone 
for prosecution.  That's a bogus assumption.  This is what I call, after the 
last ABA-ISC meeting, a "lawyer's cert".  It was described to me there by 
Richard Field.  The cert does not give any such promise.  Its only validity 
is in hoodwinking the cert holder into honest behavior because he thinks he 
might be traceable.

>And since such enterprises don't run on love, the CAs will charge for these

The real Issuer you want here is ACME Process Servers, issuing a cert 
expiring on 31-dec-2001 promising to track down and serve papers on the 
keyholder (for a fee, of course) at any time up til 31-dec-2001, in the 
event of fraud by the keyholder.  ACME, of course, will not put any 
generally usable identifying information in that cert.  The cert will have 
ACME's file number -- just enough to let ACME and no one else track down 
that fee in the event the cert is submitted for redemption.

>That doesn't mean that your PGP certificates may not be perfectly acceptable
>among your circle of friends.. It just means that your bank won't accept
>them, and neither will the local five and dime.

PGP certs never did mean anything real to me -- well, they're more real than 
an X.509 cert because they tie e-mail address to key -- but they still use a 
global name space.

There's every reason for my local bank to accept SPKI/SDSI certs, however, 
because they themselves will empower the cert loops in which one might find 
an SPKI cert I issue to my daughter (delegating some of my spending power) 
or to my temporary laptop traveling key.

 - Carl

Version: PGP for Personal Privacy 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |